#! /usr/bin/perl

#also enable strict mode
use strict;

#use the HMTLSubs package and DBQueries package
use HTMLSubs;
use DBQueries;
use CGI;

#start by obtaining the input so that the username can be determined
my $input = obtain_input();

#ensure that input is not blank which would mean that the site is illegally accessed
if(length($input) == 0){
	
	#if so, redirect to login
	print CGI -> redirect("login.pl.cgi");
}

#declare global variable to hold username and group name
my $username;
my $group_name;

#call method to split the full string into a hash of individual variables
#this subroutine returns a reference to the submitted info hash
my $ref_submitted_info = HTMLSubs->decode_input($input);

#dereference the submitted info
my %submitted_info = %$ref_submitted_info;

my $username = $submitted_info{'username'};
my $group_name = $submitted_info{'groupName'};

#call subroutine to display the user manager
#we do not need to determine what input was passed as the script forms target different scripts
display_user_manager();

#subroutine to display teh user manager of a group
sub display_user_manager{
	
	#now call the subroutine to generate the beginning of the html code
	HTMLSubs -> generate_html_beginning("Manage Users of $group_name");
	
	#call sub to print header
	HTMLSubs -> generate_display_head("Document Management System", "Manage Group Users", $username);
	
	print <<END_HTML;
	<!--now proceed to main body-->
	<div class="content">
	<table class="tablecontent">
	<tr class="trmain">
	<td class="tdmain">
	<div class="tdmaindiv">
	
	<!--current members-->
	<h4>Current Members</h4>
END_HTML

	#at this point, call the function to print the selectable list of all current members
	generate_current_user_html($group_name);
	
	#print more hmtl
	print <<END_HTML;
	</div>
	</td>
	<td class="tdmain">
	<div class="tdmaindiv">
	
	<!--all users to be potentially added-->
	<h4>Add more Users</h4>
END_HTML

	#at this point, call the function to print a selectable list of all users that the user could add to the group
	generate_add_user_html($group_name);
	
	#print remaining html more html
	print <<END_HTML;
	
	</div>
	</td>
	</tr>
	</table>
	</div><!--end of all content-->
END_HTML

	#lastly call the subroutine the generate the end of the html code
	HTMLSubs -> generate_html_end();
}

#subroutine to print a multiple select list of all current members of the group to give the user the option to remove users
sub generate_current_user_html{
	
	#get group name from parameter
	my $group_name = $_[0];
	
	#get array of all current users
	my @current_members = DBQueries::getGroupMembers($group_name);
	
	#if there are members show list
	if($current_members[0] ne "0"){
		
		#print the multiple selection form
		print <<END_HTML;
		<table>
			<tr>
			<!--scroll list for appropriate files-->
			<td>
			<p>
			<form action="removeGroupUsers.pl.cgi" method=POST>
			<select name="usersToDelete" MULTIPLE size="10">
			
END_HTML

		#loop through list of members and display in list
		#declare temp scalar for foreach
		my $current_member;
		
		foreach $current_member(@current_members){
			
			print "<OPTION>$current_member";
		}
		
		#print remaining html
		print <<END_HTML;
			</select>
			<!-- now create a hidden field that resubmits the usernmae so that the script knows what user is being passed back-->
			<input type="hidden" name="username" value="$username">
			
			<!-- now create a hidden field that resubmits the group name so that the script knows what group is being passed back-->
			<input type="hidden" name="groupName" value="$group_name">
			
			</p>
		
			<!--submit button-->
			<p><input type="submit" value="Remove User"></form></p>
			</tr>
		</table>
END_HTML
	}
	
	#otherwise display that there are no current members
	else{
		print"<p>Currently, there are no members.</p>";
	}
}

#subroutine to print a multiple select list of all current users that the group owner could potentially add
sub generate_add_user_html{
	
	#get group name from parameter
	my $group_name = $_[0];
	
	#get array of all current users that are not members of the gropu
	my @all_non_members = DBQueries::getAllUsers($group_name);
	
	#if there are members show list
	if($all_non_members[0] ne "0"){
		
		#print the multiple selection form
		print <<END_HTML;
		<table>
			<tr>
			<!--scroll list for appropriate files-->
			<td>
			<p>
			<form action="addGroupUsers.pl.cgi" method=POST>
			<select name="usersToAdd" MULTIPLE size="10">
			
END_HTML

		#loop through list of users and display in list
		#declare temp scalar for foreach
		my $current_user;
		
		foreach $current_user(@all_non_members){
			
			if($current_user ne $username){
				print "<OPTION>$current_user";
			}
		}
		
		#print remaining html
		print <<END_HTML;
			</select>
			<!-- now create a hidden field that resubmits the usernmae so that the script knows what user is being passed back-->
			<input type="hidden" name="username" value="$username">
			
			<!-- now create a hidden field that resubmits the group name so that the script knows what group is being passed back-->
			<input type="hidden" name="groupName" value="$group_name">
			
			</p>
		
			<!--submit button-->
			<p><input type="submit" value="Add User"></form></p>
			</tr>
			<tr><td>
END_HTML
		
		#create cancel button
		#create hash for button
		my %parameter_hash;
		$parameter_hash{'username'} = $username;
		$parameter_hash{'groupSelected'} = $group_name;
	
		#call subroutine to display button that returns the user to the profile
		HTMLSubs -> generate_html_button("profile.pl.cgi", "Return to profile", \%parameter_hash);
		
		#print remaining tags
		print "</table>";
	}
	
	#otherwise display that there are no current members
	else{
		print"<p>Currently, there are no users that are not members of $group_name.</p>";
		
		#create cancel button
		#create hash for button
		my %parameter_hash;
		$parameter_hash{'username'} = $username;
		$parameter_hash{'groupSelected'} = $group_name;
	
		#call subroutine to display button that returns the user to the profile
		HTMLSubs -> generate_html_button("profile.pl.cgi", "Return to profile", \%parameter_hash);
	}
}

#subroutine to obtain and determine what information is passed to the script
#to make this more universal, both GET and POST methods are accepted 
#this reads input for both GET and POST
sub obtain_input{

	#declare scalar to hold passed information
	my $input;

	#now retrieve the input through either get or post
	#change the case of request method
	$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;

	#if post use STDIN
	if ($ENV{'REQUEST_METHOD'} eq "POST"){
		read(STDIN, $input, $ENV{'CONTENT_LENGTH'});

		#exchange plus signs to spaces
		$input =~ s/\+/ /;

		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	#otherwise the env hash
	else{
		$input = $ENV{'QUERY_STRING'};
		
		#exchange plus signs to spaces
		$input =~ s/\+/ /;
		
		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	
	#now return the correct input
	return $input;	
}